diff --git a/CVE-2021-46854.patch b/CVE-2021-46854.patch deleted file mode 100644 index b1a999515e30900f1f449dd697b160159ba3ea65..0000000000000000000000000000000000000000 --- a/CVE-2021-46854.patch +++ /dev/null @@ -1,43 +0,0 @@ -From 10a227b4d50e0a2cd2faf87926f58d865da44e43 Mon Sep 17 00:00:00 2001 -From: Chris Hofstaedtler -Date: Tue, 3 Aug 2021 21:53:28 +0200 -Subject: [PATCH] mod_radius: copy _only_ the password - ---- - contrib/mod_radius.c | 11 ++++++++--- - 1 file changed, 8 insertions(+), 3 deletions(-) - -diff --git a/contrib/mod_radius.c b/contrib/mod_radius.c -index 5092ca5e05..028c364ffd 100644 ---- a/contrib/mod_radius.c -+++ b/contrib/mod_radius.c -@@ -2324,21 +2324,26 @@ static void radius_add_passwd(radius_packet_t *packet, unsigned char type, - - pwlen = strlen((const char *) passwd); - -+ /* Clear the buffers. */ -+ memset(pwhash, '\0', sizeof(pwhash)); -+ - if (pwlen == 0) { - pwlen = RADIUS_PASSWD_LEN; - - } if ((pwlen & (RADIUS_PASSWD_LEN - 1)) != 0) { -+ /* pwlen is not a multiple of RADIUS_PASSWD_LEN, need to prepare a proper buffer */ -+ memcpy(pwhash, passwd, pwlen); - - /* Round up the length. */ - pwlen += (RADIUS_PASSWD_LEN - 1); - - /* Truncate the length, as necessary. */ - pwlen &= ~(RADIUS_PASSWD_LEN - 1); -+ } else { -+ /* pwlen is a multiple of RADIUS_PASSWD_LEN, we can just use it. */ -+ memcpy(pwhash, passwd, pwlen); - } - -- /* Clear the buffers. */ -- memset(pwhash, '\0', sizeof(pwhash)); -- memcpy(pwhash, passwd, pwlen); - - /* Find the password attribute. */ - attrib = radius_get_attrib(packet, RADIUS_PASSWORD); diff --git a/modules.conf b/modules.conf index 87d8b32c072ecf1b412eab9729c35edae66dee5d..3e343ae9cc518577faf065cec3df768b27c4ae25 100644 --- a/modules.conf +++ b/modules.conf @@ -171,6 +171,10 @@ LoadModule mod_vroot.c LoadModule mod_qos.c +# Attempt to generate a unique ID for every FTP session +# (http://www.proftpd.org/docs/contrib/mod_unique_id.html) +# LoadModule mod_unique_id.c +# # Provide a flexible way of specifying that certain configuration directives # only apply to certain sessions, based on credentials such as connection # class, user, or group membership diff --git a/proftpd-1.3.7a-check-api.patch b/proftpd-1.3.7a-check-api.patch deleted file mode 100644 index ffe29f66cb08cfa37db35fdc462ae1ae2f8b3480..0000000000000000000000000000000000000000 --- a/proftpd-1.3.7a-check-api.patch +++ /dev/null @@ -1,120 +0,0 @@ ---- tests/api/env.c -+++ tests/api/env.c -@@ -61,11 +61,11 @@ START_TEST (env_get_test) { - pr_env_unset(p, key); - - res = pr_env_get(p, key); -- fail_unless(res == NULL); -+ fail_unless(res == NULL, "Unexpectedly found foo in environment"); - - /* XXX PATH should always be set in the environment, right? */ - res = pr_env_get(p, "PATH"); -- fail_unless(res != NULL); -+ fail_unless(res != NULL, "Failed to find PATH in environment"); - - #else - res = pr_env_get(p, key); ---- tests/api/sets.c -+++ tests/api/sets.c -@@ -97,20 +97,20 @@ START_TEST (set_create_test) { - fail_unless(errno == EPERM, "Failed to set errno to EPERM"); - - res = xaset_create(p, NULL); -- fail_unless(res != NULL); -+ fail_unless(res != NULL, "Failed with valid pool and NULL compare item"); - fail_unless(res->pool == p, "Expected %p, got %p", p, res->pool); - - permanent_pool = make_sub_pool(p); - - res = xaset_create(NULL, NULL); -- fail_unless(res != NULL); -+ fail_unless(res != NULL, "Failed to handle null arguments"); - fail_unless(res->pool == permanent_pool, "Expected %p, got %p", - permanent_pool, res->pool); - fail_unless(res->xas_compare == NULL, "Expected NULL, got %p", - res->xas_compare); - - res = xaset_create(p, (XASET_COMPARE) item_cmp); -- fail_unless(res != NULL); -+ fail_unless(res != NULL, "Failed with valid pool and compare items"); - fail_unless(res->pool == p, "Expected %p, got %p", p, res->pool); - fail_unless(res->xas_compare == (XASET_COMPARE) item_cmp, - "Expected %p, got %p", item_cmp, res->xas_compare); -@@ -355,12 +355,12 @@ START_TEST (set_remove_test) { - fail_unless(res == 0, "Failed to add item2"); - - member = (xasetmember_t *) item1; -- fail_unless(member->next == NULL); -- fail_unless(member->prev != NULL); -+ fail_unless(member->next == NULL, "Next pointer is not NULL"); -+ fail_unless(member->prev != NULL, "Previous pointer is NULL"); - - member = (xasetmember_t *) item2; -- fail_unless(member->next != NULL); -- fail_unless(member->prev == NULL); -+ fail_unless(member->next != NULL, "Next pointer is NULL"); -+ fail_unless(member->prev == NULL, "Previous pointer is not NULL"); - - member = set->xas_list; - fail_unless(member == (xasetmember_t *) item2, -@@ -371,8 +371,8 @@ START_TEST (set_remove_test) { - strerror(errno)); - - member = (xasetmember_t *) item2; -- fail_unless(member->next == NULL); -- fail_unless(member->prev == NULL); -+ fail_unless(member->next == NULL, "Next pointer is not NULL"); -+ fail_unless(member->prev == NULL, "Previous pointer is not NULL"); - - member = set->xas_list; - fail_unless(member == (xasetmember_t *) item1, -@@ -383,8 +383,8 @@ START_TEST (set_remove_test) { - strerror(errno)); - - member = (xasetmember_t *) item1; -- fail_unless(member->next == NULL); -- fail_unless(member->prev == NULL); -+ fail_unless(member->next == NULL, "Next pointer is not NULL"); -+ fail_unless(member->prev == NULL, "Previous pointer is not NULL"); - - member = set->xas_list; - fail_unless(member == NULL, "Expected list to be empty, got %p", member); ---- tests/api/str.c -+++ tests/api/str.c -@@ -1539,10 +1539,10 @@ START_TEST (uid2str_test) { - const char *res; - - res = pr_uid2str(NULL, (uid_t) 1); -- fail_unless(strcmp(res, "1") == 0); -+ fail_unless(strcmp(res, "1") == 0, "Failed to handle uid of 1"); - - res = pr_uid2str(NULL, (uid_t) -1); -- fail_unless(strcmp(res, "-1") == 0); -+ fail_unless(strcmp(res, "-1") == 0, "Failed to handle uid of -1"); - } - END_TEST - -@@ -1550,10 +1550,10 @@ START_TEST (gid2str_test) { - const char *res; - - res = pr_gid2str(NULL, (gid_t) 1); -- fail_unless(strcmp(res, "1") == 0); -+ fail_unless(strcmp(res, "1") == 0, "Failed to handle gid of 1"); - - res = pr_gid2str(NULL, (gid_t) -1); -- fail_unless(strcmp(res, "-1") == 0); -+ fail_unless(strcmp(res, "-1") == 0, "Failed to handle gid of -1"); - } - END_TEST - ---- tests/api/timers.c -+++ tests/api/timers.c -@@ -157,7 +157,7 @@ START_TEST (timer_remove_test) { - int res; - - res = pr_timer_remove(0, NULL); -- fail_unless(res == 0); -+ fail_unless(res == 0, "Non-zero response for removal with timer ID 0"); - - res = pr_timer_add(1, 0, NULL, timers_test_cb, "test"); - fail_unless(res == 0, "Failed to add timer (%d): %s", res, strerror(errno)); diff --git a/proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch b/proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch deleted file mode 100644 index 34933bfdda57089829f7e8427335f0aa515e35db..0000000000000000000000000000000000000000 --- a/proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch +++ /dev/null @@ -1,84 +0,0 @@ -diff -ruNa proftpd-1.3.7a/tests/api/netacl.c proftpd-1.3.7a-fix/tests/api/netacl.c ---- proftpd-1.3.7a/tests/api/netacl.c 2020-07-22 01:25:51.000000000 +0800 -+++ proftpd-1.3.7a-fix/tests/api/netacl.c 2021-01-13 14:44:00.679322360 +0800 -@@ -773,8 +773,10 @@ - - res = pr_netacl_match(acl, addr); - if (getenv("TRAVIS") == NULL) { -- fail_unless(res == 1, "Failed to positively match ACL to addr: %s", -- strerror(errno)); -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { -+ fail_unless(res == 1, "Failed to positively match ACL to addr: %s", -+ strerror(errno)); -+ } - } - - if (!have_localdomain) { -@@ -790,8 +790,10 @@ - - res = pr_netacl_match(acl, addr); - if (getenv("TRAVIS") == NULL) { -- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", -- strerror(errno)); -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { -+ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", -+ strerror(errno)); -+ } - } - - acl_str = "!www.google.com"; -@@ -816,8 +816,10 @@ - - res = pr_netacl_match(acl, addr); - if (getenv("TRAVIS") == NULL) { -- fail_unless(res == 1, "Failed to positively match ACL to addr: %s", -- strerror(errno)); -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { -+ fail_unless(res == 1, "Failed to positively match ACL to addr: %s", -+ strerror(errno)); -+ } - } - - if (!have_localdomain) { -@@ -833,8 +835,10 @@ - - res = pr_netacl_match(acl, addr); - if (getenv("TRAVIS") == NULL) { -- fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", -- strerror(errno)); -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { -+ fail_unless(res == -1, "Failed to negatively match ACL to addr: %s", -+ strerror(errno)); -+ } - } - - acl_str = "!www.g*g.com"; -diff -ruNa proftpd-1.3.7a/tests/api/netaddr.c proftpd-1.3.7a-fix/tests/api/netaddr.c ---- proftpd-1.3.7a/tests/api/netaddr.c 2021-01-13 14:30:47.467322360 +0800 -+++ proftpd-1.3.7a-fix/tests/api/netaddr.c 2021-01-13 14:42:45.851322360 +0800 -@@ -417,7 +417,9 @@ - res = pr_netaddr_fnmatch(addr, "LOCAL*", flags); - if (getenv("TRAVIS") == NULL) { - /* This test is sensitive the environment. */ -- fail_unless(res == TRUE, "Expected TRUE, got %d", res); -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { -+ fail_unless(res == TRUE, "Expected TRUE, got %d", res); -+ } - } - - flags = PR_NETADDR_MATCH_IP; -@@ -879,9 +881,11 @@ - */ - if (getenv("TRAVIS") == NULL) { - /* This test is sensitive the environment. */ -- fail_unless(strcmp(res, "localhost") == 0 || -- strcmp(res, "localhost.localdomain") == 0, -- "Expected '%s', got '%s'", "localhost or localhost.localdomain", res); -+ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { -+ fail_unless(strcmp(res, "localhost") == 0 || -+ strcmp(res, "localhost.localdomain") == 0, -+ "Expected '%s', got '%s'", "localhost or localhost.localdomain", res); -+ } - } - } - END_TEST diff --git a/proftpd-1.3.7a-netaddr-test.patch b/proftpd-1.3.7a-netaddr-test.patch deleted file mode 100644 index 95a7d4298623be297d8638315ac510896a50d3cd..0000000000000000000000000000000000000000 --- a/proftpd-1.3.7a-netaddr-test.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- tests/api/netaddr.c -+++ tests/api/netaddr.c -@@ -135,7 +135,8 @@ START_TEST (netaddr_get_addr_test) { - - res = pr_netaddr_get_addr(p, name, NULL); - fail_unless(res == NULL, "Unexpected got address for '%s'", name); -- fail_unless(errno == ENOENT, "Expected ENOENT (%d), got %s (%d)", ENOENT, -+ fail_unless(errno == ENOENT || errno == EAGAIN, -+ "Expected ENOENT (%d) or EAGAIN (%d), got %s (%d)", ENOENT, EAGAIN, - strerror(errno), errno); - - name = "localhost"; -@@ -190,7 +191,8 @@ START_TEST (netaddr_get_addr_test) { - - res = pr_netaddr_get_addr(p, name, NULL); - fail_unless(res == NULL, "Resolved '%s' unexpectedly", name); -- fail_unless(errno == ENOENT, "Expected ENOENT (%d), got %s (%d)", ENOENT, -+ fail_unless(errno == ENOENT || errno == EAGAIN, -+ "Expected ENOENT (%d) or EAGAIN (%d), got %s (%d)", ENOENT, EAGAIN, - strerror(errno), errno); - - #if defined(PR_USE_IPV6) diff --git a/proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch b/proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch new file mode 100644 index 0000000000000000000000000000000000000000..5620f80e5f4fdc17794caa4edc8935b69c7de175 --- /dev/null +++ b/proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch @@ -0,0 +1,105 @@ +From cb0e408e8b82fa8c198d9dd95e5818d8431e9fd5 Mon Sep 17 00:00:00 2001 +From: chen-jan +Date: Tue, 11 Apr 2023 16:55:34 +0800 +Subject: [PATCH] proftpd-1.3.8-fix-environment-sensitive-tests-failure + +--- + tests/api/netacl.c | 8 ++++++++ + tests/api/netaddr.c | 6 ++++++ + 2 files changed, 14 insertions(+) + +diff --git a/tests/api/netacl.c b/tests/api/netacl.c +index e4b0431..b91ecdb 100644 +--- a/tests/api/netacl.c ++++ b/tests/api/netacl.c +@@ -775,8 +775,10 @@ START_TEST (netacl_match_test) { + res = pr_netacl_match(acl, addr); + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s", + strerror(errno)); ++ } + } + + if (!have_localdomain) { +@@ -793,8 +795,10 @@ START_TEST (netacl_match_test) { + res = pr_netacl_match(acl, addr); + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s", + strerror(errno)); ++ } + } + + acl_str = "!www.google.com"; +@@ -820,8 +824,10 @@ START_TEST (netacl_match_test) { + res = pr_netacl_match(acl, addr); + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + ck_assert_msg(res == 1, "Failed to positively match ACL to addr: %s", + strerror(errno)); ++ } + } + + if (!have_localdomain) { +@@ -838,8 +844,10 @@ START_TEST (netacl_match_test) { + res = pr_netacl_match(acl, addr); + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + ck_assert_msg(res == -1, "Failed to negatively match ACL to addr: %s", + strerror(errno)); ++ } + } + + acl_str = "!www.g*g.com"; +diff --git a/tests/api/netaddr.c b/tests/api/netaddr.c +index e79b06c..b7dbeaf 100644 +--- a/tests/api/netaddr.c ++++ b/tests/api/netaddr.c +@@ -424,8 +424,10 @@ START_TEST (netaddr_fnmatch_test) { + res = pr_netaddr_fnmatch(addr, "LOCAL*", flags); + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + /* This test is sensitive the environment. */ + ck_assert_msg(res == TRUE, "Expected TRUE, got %d", res); ++ } + } + + flags = PR_NETADDR_MATCH_IP; +@@ -887,10 +889,12 @@ START_TEST (netaddr_get_dnsstr_test) { + */ + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + /* This test is sensitive the environment. */ + ck_assert_msg(strcmp(res, "localhost") == 0 || + strcmp(res, "localhost.localdomain") == 0, + "Expected '%s', got '%s'", "localhost or localhost.localdomain", res); ++ } + } + } + END_TEST +@@ -1011,6 +1015,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) { + */ + if (getenv("CI") == NULL && + getenv("TRAVIS") == NULL) { ++ if(strcmp(getenv("HOSTNAME"), "localhost") == 0 || strcmp(getenv("HOSTNAME"), "localhost.localdomain") == 0) { + ck_assert_msg(strcmp(res, "localhost") == 0 || + strcmp(res, "localhost.localdomain") == 0 || + strcmp(res, "localhost6") == 0 || +@@ -1019,6 +1024,7 @@ START_TEST (netaddr_get_dnsstr_ipv6_test) { + strcmp(res, "ip6-loopback") == 0 || + strcmp(res, ip) == 0, + "Expected '%s', got '%s'", "localhost, localhost.localdomain et al", res); ++ } + } + } + END_TEST +-- +2.39.1 + diff --git a/proftpd-1.3.7-shellbang.patch b/proftpd-1.3.8-shellbang.patch similarity index 90% rename from proftpd-1.3.7-shellbang.patch rename to proftpd-1.3.8-shellbang.patch index d328c78ab5f65cdaed67f623547bf98840bfb21a..e0762822d7c20990ba4fa4a167fbd0e1b5afe808 100644 --- a/proftpd-1.3.7-shellbang.patch +++ b/proftpd-1.3.8-shellbang.patch @@ -4,7 +4,7 @@ -#!/usr/bin/env perl +#!/usr/bin/perl # --------------------------------------------------------------------------- - # Copyright (C) 2000-2020 TJ Saunders + # Copyright (C) 2000-2021 TJ Saunders # --- contrib/ftpmail +++ contrib/ftpmail @@ -37,4 +37,4 @@ +#!/usr/bin/perl # --------------------------------------------------------------------------- - # Copyright (C) 2008-2012 TJ Saunders + # Copyright (C) 2008-2020 TJ Saunders diff --git a/proftpd-1.3.7a.tar.gz b/proftpd-1.3.8b.tar.gz similarity index 67% rename from proftpd-1.3.7a.tar.gz rename to proftpd-1.3.8b.tar.gz index cb7b454b1621f68ff4ac67b532a765c5f49e9c38..f40ee8b92726e47a6ffe91d339ce46f0bda4cb4e 100644 Binary files a/proftpd-1.3.7a.tar.gz and b/proftpd-1.3.8b.tar.gz differ diff --git a/proftpd.spec b/proftpd.spec index af7ac3664386ddedb69f4337703c2d82c81893e2..af403be79c59d1a2772ff95e219baff7183b4e0a 100644 --- a/proftpd.spec +++ b/proftpd.spec @@ -13,14 +13,16 @@ # Do a hardened build where possible %global _hardened_build 1 -# Dynamic modules contain references to symbols in main dæmon, so we need to disable linker checks for undefined symbols +# Dynamic modules contain references to symbols in main daemon, so we need to disable linker checks for undefined symbols %undefine _strict_symbol_defs_build -%global mod_vroot_version 0.9.5 +%global mod_vroot_version 0.9.11 + +%global vendor %{?_vendor:%{_vendor}}%{!?_vendor:openEuler} Name: proftpd -Version: 1.3.7a -Release: 2 +Version: 1.3.8b +Release: 1 Summary: Flexible, stable and highly-configurable FTP server License: GPLv2+ URL: http://www.proftpd.org/ @@ -36,16 +38,13 @@ Source8: proftpd-welcome.msg Source9: proftpd.sysconfig Source10: http://github.com/Castaglia/proftpd-mod_vroot/archive/v%{mod_vroot_version}.tar.gz -Patch1: proftpd-1.3.7-shellbang.patch +Patch1: proftpd-1.3.8-shellbang.patch Patch2: proftpd.conf-no-memcached.patch Patch3: proftpd-1.3.4rc1-mod_vroot-test.patch Patch4: proftpd-1.3.6-no-mod-wrap.patch Patch5: proftpd-1.3.6-no-mod-geoip.patch Patch6: proftpd-1.3.7rc3-logging-not-systemd.patch -Patch7: proftpd-1.3.7a-check-api.patch -Patch8: proftpd-1.3.7a-netaddr-test.patch -Patch9: proftpd-1.3.7a-fix-environment-sensitive-tests-failure.patch -Patch10: CVE-2021-46854.patch +Patch8: proftpd-1.3.8-fix-environment-sensitive-tests-failure.patch BuildRequires: coreutils BuildRequires: gcc @@ -59,13 +58,21 @@ BuildRequires: openldap-devel BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: pcre-devel >= 7.0 +BuildRequires: perl-generators BuildRequires: perl-interpreter BuildRequires: pkgconfig +%if %{?vendor:1}0 BuildRequires: postgresql-devel +%endif BuildRequires: sed BuildRequires: sqlite-devel BuildRequires: tar BuildRequires: zlib-devel +BuildRequires: chrpath +BuildRequires: libidn2-devel +BuildRequires: libmemcached-devel >= 0.41 +BuildRequires: pcre2-devel >= 10.30 +BuildRequires: tcp_wrappers-devel # Test suite requirements BuildRequires: check-devel @@ -134,9 +141,15 @@ Requires: openssl-devel Requires: pam-devel Requires: pcre-devel Requires: pkgconfig +%if %{?vendor:1}0 Requires: postgresql-devel +%endif Requires: sqlite-devel Requires: zlib-devel +Requires: libmemcached-devel >= 0.41 +Requires: pcre2-devel >= 10.30 +Requires: tcp_wrappers-devel + %description devel This package is required to build additional modules for ProFTPD. @@ -155,12 +168,14 @@ Requires: %{name} = %{version}-%{release} %description mysql Module to add MySQL support to the ProFTPD FTP server. +%if %{?vendor:1}0 %package postgresql Summary: Module to add PostgreSQL support to the ProFTPD FTP server Requires: %{name} = %{version}-%{release} %description postgresql Module to add PostgreSQL support to the ProFTPD FTP server. +%endif %package sqlite Summary: Module to add SQLite support to the ProFTPD FTP server @@ -174,6 +189,9 @@ Summary: ProFTPD - Additional utilities Requires: %{name} = %{version}-%{release} Requires: perl-interpreter +BuildRequires: perl(Crypt::Cracklib) +Requires: perl(Crypt::Cracklib) + %description utils This package contains additional utilities for monitoring and configuring the ProFTPD server: @@ -231,15 +249,7 @@ sed -i -e '/killall/s/test.*/systemctl reload proftpd.service/' \ %patch6 %endif -# Handle changed API in check 0.15 -# https://bugzilla.redhat.com/show_bug.cgi?id=1850198 -%patch7 - -# getaddrinfo() can return EAGAIN in netaddr api test -# https://github.com/proftpd/proftpd/pull/1075 -%patch8 -%patch9 -p1 -%patch10 -p1 +%patch8 -p1 # Avoid docfile dependencies chmod -c -x contrib/xferstats.holger-preiss @@ -252,17 +262,24 @@ find doc/ contrib/ -name '*.orig' -delete %build # Modules to be built as DSO's (excluding mod_ifsession, always specified last) +%if %{?vendor:1}0 SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_postgres:mod_sql_sqlite +%else +SMOD1=mod_sql:mod_sql_passwd:mod_sql_mysql:mod_sql_sqlite +%endif SMOD2=mod_quotatab:mod_quotatab_file:mod_quotatab_ldap:mod_quotatab_radius:mod_quotatab_sql SMOD3=mod_ldap:mod_ban:mod_ctrls_admin:mod_facl:mod_load:mod_vroot SMOD4=mod_radius:mod_ratio:mod_rewrite:mod_site_misc:mod_exec:mod_shaper SMOD5=mod_wrap2:mod_wrap2_file:mod_wrap2_sql:mod_copy:mod_deflate:mod_ifversion:mod_qos SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache +SMOD7=mod_unique_id %configure \ --libexecdir="%{_libexecdir}/proftpd" \ --localstatedir="%{rundir}/proftpd" \ --disable-strip \ + --enable-memcache \ + --enable-pcre2 \ --enable-ctrls \ --enable-dso \ --enable-facl \ @@ -276,7 +293,7 @@ SMOD6=mod_sftp:mod_sftp_pam:mod_sftp_sql:mod_tls_shmcache --with-libraries="%{_libdir}/%{mysql_lib}" \ --with-includes="%{_includedir}/mysql" \ --with-modules=mod_readme:mod_auth_pam:mod_tls \ - --with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:mod_ifsession + --with-shared=${SMOD1}:${SMOD2}:${SMOD3}:${SMOD4}:${SMOD5}:${SMOD6}:${SMOD7}:mod_ifsession %make_build %install @@ -317,6 +334,11 @@ install -p -m 644 contrib/dist/rpm/proftpd-tmpfs.conf \ %{buildroot}%{_prefix}/lib/tmpfiles.d/proftpd.conf %endif +chrpath -d %{buildroot}%{_sbindir}/proftpd + +mkdir -p %{buildroot}/etc/ld.so.conf.d +echo "%{_libdir}" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf + # Find translations %find_lang proftpd @@ -326,7 +348,7 @@ install -p -m 644 contrib/dist/rpm/proftpd-tmpfs.conf \ ln ftpdctl tests/ make check %else -# API tests should always be OK +#API tests should always be OK export HOSTNAME=`cat /etc/hosts | grep 127.0.0.1 | head -1| awk '{print $2}'` if ! make -C tests api-tests; then # Diagnostics to report upstream @@ -356,6 +378,7 @@ if [ $1 -eq 1 ]; then fi done fi +/sbin/ldconfig %preun if [ $1 -eq 0 ]; then @@ -386,6 +409,7 @@ else service xinetd reload &>/dev/null || : %endif fi +/sbin/ldconfig %files -f proftpd.lang %if 0%{?_licensedir:1} @@ -415,6 +439,7 @@ fi %config(noreplace) %{_sysconfdir}/proftpd/mod_qos.conf %config(noreplace) %{_sysconfdir}/proftpd/mod_tls.conf %config(noreplace) %{_sysconfdir}/sysconfig/proftpd +%config(noreplace) /etc/ld.so.conf.d/* %if %{use_systemd} %{_unitdir}/proftpd.service %{_unitdir}/proftpd.socket @@ -446,6 +471,7 @@ fi %{_libexecdir}/proftpd/mod_facl.so %{_libexecdir}/proftpd/mod_ifsession.so %{_libexecdir}/proftpd/mod_ifversion.so +%{_libexecdir}/proftpd/mod_unique_id.so %{_libexecdir}/proftpd/mod_load.so %{_libexecdir}/proftpd/mod_qos.so %{_libexecdir}/proftpd/mod_quotatab.so @@ -485,8 +511,10 @@ fi %files mysql %{_libexecdir}/proftpd/mod_sql_mysql.so +%if %{?vendor:1}0 %files postgresql %{_libexecdir}/proftpd/mod_sql_postgres.so +%endif %files sqlite %{_libexecdir}/proftpd/mod_sql_sqlite.so @@ -507,6 +535,9 @@ fi %{_mandir}/man1/ftpwho.1* %changelog +* Tue Dec 26 2023 wangkai <13474090681@163.com> - 1.3.8b-1 +- Update to 1.3.8b for fix CVE-2023-51713,CVE-2023-48795 + * Thu Dec 01 2022 jiangpeng - 1.3.7a-2 - Fix CVE-2021-46854 diff --git a/v0.9.11.tar.gz b/v0.9.11.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..e811e1946fc7f738c3daa41594803db1e90cc2cb Binary files /dev/null and b/v0.9.11.tar.gz differ diff --git a/v0.9.5.tar.gz b/v0.9.5.tar.gz deleted file mode 100644 index 9bd3b768176a912dd98bdeb93311edb732e2c4f4..0000000000000000000000000000000000000000 Binary files a/v0.9.5.tar.gz and /dev/null differ